ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-26 06:31:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

ansible-pull: Add option to verify gpg signature of a commit

Browse source 
Add option '--verify-commit' to verify a GPG signature of the checked
out commit. As noted in the git module documentantion, this requires
git version >= 2.1.0
This commit is contained in:
Dionysis Grigoropoulos 2015-06-10 10:27:25 +03:00
commit 6f11896303
No known key found for this signature in database
GPG key ID: 50B00433B8BA2B28
1 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
lib/ansible/cli/pull.py
View file

@ -70,7 +70,9 @@ class PullCLI(CLI):
help='adds the hostkey for the repo url if not already added') help='adds the hostkey for the repo url if not already added')
self.parser.add_option('-m', '--module-name', dest='module_name', default=self.DEFAULT_REPO_TYPE, self.parser.add_option('-m', '--module-name', dest='module_name', default=self.DEFAULT_REPO_TYPE,
help='Repository module name, which ansible will use to check out the repo. Default is %s.' % self.DEFAULT_REPO_TYPE) help='Repository module name, which ansible will use to check out the repo. Default is %s.' % self.DEFAULT_REPO_TYPE)
self.parser.add_option('--verify-commit', dest='verify', default=False, action='store_true',
help='verify GPG signature of checked out commit, if it fails abort running the playbook.'
' This needs the corresponding VCS module to support such an operation')
self.options, self.args = self.parser.parse_args() self.options, self.args = self.parser.parse_args()
@ -127,6 +129,9 @@ class PullCLI(CLI):
if self.options.private_key_file: if self.options.private_key_file:
repo_opts += ' key_file=%s' % self.options.private_key_file repo_opts += ' key_file=%s' % self.options.private_key_file
if self.options.verify:
repo_opts += ' verify_commit=yes'
path = module_loader.find_plugin(self.options.module_name) path = module_loader.find_plugin(self.options.module_name)
if path is None: if path is None:
raise AnsibleOptionsError(("module '%s' not found.\n" % self.options.module_name)) raise AnsibleOptionsError(("module '%s' not found.\n" % self.options.module_name))